Please note: This website includes an accessibility system. Press Control-F11 to adjust the website to the visually impaired who are using a screen reader; Press Control-F10 to open an accessibility menu.

Lenovo Edge USB Keyboard Driver Local Privilege Escalation

Lenovo Edge USB Keyboard Driver Local Privilege Escalation

Lenovo Edge USB Keyboard Driver Local Privilege Escalation

Lenovo Security Advisory: LEN-11588

Potential Impact:  Escalation of privileges by a local user

Severity: High

Scope of Impact: Lenovo-specific

CVE Identifier: CVE-2016-8225

 

Summary Description:

A vulnerability was identified in the Lenovo Edge USB Keyboard driver for Windows 7, 8 and 10 where a user with local privileges could execute a file with administrator level privileges.  The Lenovo Edge USB Keyboard is also referred to as Lenovo Slim USB Keyboard or Lenovo Low Profile Keyboard.
 

Mitigation Strategy for Customers (what you should do to protect yourself):

Update the keyboard driver to version 1.21 or later here by following the instructions in the readme file or by updating your system through Lenovo System Update.

 

Product Impact:

This keyboard was sold with the following systems, however customers may have also purchased this keyboard separately.

  • Ideacentre 300s-08IHH
  • Lenovo 63
  • Lenovo E50-00, E50-05
  • Lenovo S200, S400z, S500, S500z, S510, S40-40, S50-30
  • ThinkStation E31, E32, P300, P310, P410, P510, P710, P910  
  • ThinkCentre E63z, E73, E73z, E93, E93z
  • ThinkCentre M53, M73, M73z, M73p, M78, M79, M83, M83z, M93, M93p, M93z
  • ThinkCentre M700, M800, M900

 

Revision History:

Revision

Date

Description

1.0

12/15/2016

Initial release

 

For the most up to date information, please remain current with updates and advisories from Lenovo regarding your equipment and software. The information provided in this advisory is provided on as “as is” basis without any warranty or guarantee of any kind. Lenovo reserves the right to change or update this advisory at any time.

 


Alias Id:LEN-11588
Document ID:PS500079
Original Publish Date:12/15/2016
Last Modified Date:12/15/2016